mirror of https://github.com/go-gitea/gitea synced 2025-08-10 19:48:19 +00:00

Fix API leaking Usermail if not logged in (#25097) (#26350)

Backport #25097

The API should only return the real email address of a user if the caller is
logged in. The check meant to do this does not work; this PR fixes it. This is
not really a security issue, but it can lead to spam.

Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-authored-by: silverwind <me@silverwind.io>
wxiaoguang
2023-08-06 20:11:39 +08:00
committed by GitHub
parent 59354d7135
commit 4fd8ac0653
4 changed files with 24 additions and 9 deletions


@@ -203,11 +203,16 @@ func UpdateUserTheme(u *User, themeName string) error {
return UpdateUserCols(db.DefaultContext, u, "theme")
}
// GetPlaceholderEmail returns an noreply email
func (u *User) GetPlaceholderEmail() string {
return fmt.Sprintf("%s@%s", u.LowerName, setting.Service.NoReplyAddress)
}
// GetEmail returns an noreply email, if the user has set to keep his
// email address private, otherwise the primary email address.
func (u *User) GetEmail() string {
if u.KeepEmailPrivate {
return fmt.Sprintf("%s@%s", u.LowerName, setting.Service.NoReplyAddress)
return u.GetPlaceholderEmail()
}
return u.Email
}
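Review bot: GetEmail still decides only on `u.KeepEmailPrivate` and has no notion of who is asking, so the logged-in check this commit is about has to be made by each caller, outside this hunk; the doc comments on both methods should say so. For the new helper I would write `// GetPlaceholderEmail returns the user's noreply address (LowerName@NoReplyAddress), for use wherever the viewer must not see the real address.` and add to GetEmail `// It does not consider the viewer; callers serving anonymous requests must use GetPlaceholderEmail.` The placeholder is built from `setting.Service.NoReplyAddress` with no check visible here that the setting is non-empty; presumably it is defaulted elsewhere, but that is worth confirming so the result is always a well-formed address.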